Monday, May 25, 2009

The Best IDP/IDS/IPS Intrusion Prevention System: Do You Really Need One?

In my normal line of work, I always get questions regarding certain technologies I use to secure my network beyond the usual firewalls.

Among them are the IDS (Intrusion Detection System), IDP (Intrusion Detection and Prevention) and IPS (Intrusion Prevention System)...

It's just a play on words, though an IDS is merely detection, which is inutile since the damage may have been done already.

As for me, I prefer the IDP/IPS, particularly the inline type, i.e. one placed before the server/network to be protected, rather than one that's just passively listening on a mirrored port.

But I was asked why it took me so long to ever think of buying and justifying one. It's just that it's hard to justify expensive security systems if you're going to face traditional-thinking superiors looking for security ROI.

I'm more into securing the hosts (the OS and application) than into expensive security equipment...

Adding an IPS is just another layer of security for me.

If you're looking for the best there is, I can't make recommendations, but it's always TippingPoint, ForeScout, IBM's ISS et al., or probably the free Snort :P
